krb5_init_context()

Chris Hecker checker at d6.com
Thu Sep 3 03:27:27 EDT 2020 

 > This is strange. Isn't there a way to "init" a krb5 library context 
just
by *PASSING* the config directly to the init funciton?!?

Check out krb5_init_context_profile, I had to expose it in my local copy 
of krb5 years ago, but I think it might be exposed now?

http://web.mit.edu/kerberos/krb5-1.18/doc/appdev/refs/api/krb5_init_context_profile.html

Chris




------ Original Message ------
From: "Scot McKinley" <scot.mckinley at oracle.com>
To: "Greg Hudson" <ghudson at mit.edu>; krbdev at mit.edu
Sent: 2020-09-02 21:08:28
Subject: Re: krb5_init_context()

>Hi Greg, in looking at the header files, and your previous reply, it
>appears that krb5_init_secure_context() may be exactly what i want.
>
>  > I don't think it will solve this problem, as it simply causes the
>context to ignore environment variables.
>
>Yes, i want a "krb5_init_context" that "ignores environment variables",
>and thus retrieves its config in some other manner. In this case, it
>appears that the "other manner" of retrieving config for
>"krb5_init_secure_context" is some configuration files, which is a
>problem, since we have our OWN config files.
>
>This is strange. Isn't there a way to "init" a krb5 library context just
>by *PASSING* the config directly to the init funciton?!?
>
>Regards, Scot
>
>On 9/2/2020 12:51 PM, Scot McKinley wrote:
>>  Hi Greg, the issue that i am talking about is that krb5_init_context()
>>  gets its config from the environment var KRB5_CONFIG. We are looking
>>  for an initialization of the krb5 context that doesn't rely on the
>>  environment.  I was hoping that was krbt_init_secure_context(). Is
>>  there some OTHER way of passing the config that is retrieved via
>>  KRB5_CONFIG in a non environment variable manner?
>>
>>  Thanks, Scot
>>
>>  On 9/2/2020 11:56 AM, Greg Hudson wrote:
>>>  On 9/2/20 2:31 PM, Scot McKinley wrote:
>>>>  For our use of KfW, we are using krb5_init_context() as our initial
>>>>  call
>>>>  to krb5, attempting to use the environment interface defined for the
>>>>  API. The problem is that env on windows is not well supported and is
>>>>  buggy (env is actually cached at the loading of particular library).
>>>  I'm not sure what "the environment interface defined for the API" efers
>>>  to.  But I am aware of
>>>https://urldefense.com/v3/__https://krbdev.mit.edu/rt/Ticket/Display.html?id=2636__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nGfRwDaQ$
>>>
>>>  which unfortunately hasn't been resolved.
>>>
>>>>  I see now that there is another API: krb5_init_secure_context(), which
>>>>  appears to be created to get around exactly this type of env
>>>>  problem. Do
>>>>  you let me know or point me to doc that shows the interface for this
>>>>  new
>>>>  function?
>>>  krb5_init_secure_context() isn't new--it was in the 1.0 release.  I
>>>  don't think it will solve this problem, as it simply causes the context
>>>  to ignore environment variables.  The documentation for it is at:
>>>
>>>https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_secure_context.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46n1NhXa3M$
>>>
>>>
>>>  It seems possible that you meant krb5_init_context_profile(), which was
>>>  added in release 1.10:
>>>
>>>https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_context_profile.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nfpydYts$
>>>
>>>
>>>  This interface was created to make it possible to use
>>>  profile_init_vtable() with a krb5 context.  See the comments in
>>>  profile.h for how to use that.
>>>
>>>  (It would probably be easier if one could create a memory-only profile
>>>  object, either empty or from a file, and then use profile_add_relation()
>>>  and/or profile_update_relation() on it.  But that hasn't been
>>>  implemented.)
>_______________________________________________
>krbdev mailing list             krbdev at mit.edu
>https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list